I caught that one about 10 seconds after pressing the send button. Guess nothing gets by you guys.
Warren Vail -----Original Message----- From: Chris Shiflett [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 3:46 PM To: Vail, Warren; 'Chris W. Parker'; James E Hicks III; [EMAIL PROTECTED] Subject: RE: [PHP] <input type="text" value="He said, "How do I get this t o work?", with a frown" size="50"> --- "Vail, Warren" <[EMAIL PROTECTED]> wrote: > Ahh, because it's raw html and not in php. > > one choice would be to encapsulate it within php > > <input type="text" value="<?php echo "He said, \"How'm I gonna get > this to work?\", with a frown";?>" size="50"> The problem with this is that PHP is server-side, so the following is sent to the browser: <input type="text" value="He said, "How'm I gonna get this to work?", with a frown" size="50"> Thus, the same problem exists on the client-side, because the output is identical. To reiterate what others have stated, escaping quotes is good for PHP, and HTML entities are good for HTML. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming mid-2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
